Why I Won’t Use GoDaddy WordPress Hosting

OH, LET ME COUNT THE WHYS.

Last updated 8/28/22

TL;DR

Too long; didn’t read:

  • The Fall 2021 data breach of 1.2 million plus sites
  • Limited number of backups
  • No adhoc backups
  • Slow staging site creation
  • Slow push of staging site to live
  • Staging site push to live server doesn’t remove deleted files
  • Unable to replace an image by FTP
  • Required GoDaddy “mystery” plugins
  • Domain Forwarding Fails
  • Zone Records Randomly Update to Point to GoDaddy Servers
  • Issues with Managing DNS or Updating/Deleting DNS Zone Records
  • Long Waits in Chat
  • “Free” domain included is free for a limited period
  • “Free” SSL certificate becomes very expensive after first year (see below)
  • Issues with clearing cache make it difficult to complete work efficiently
  • Issues with shared GoDaddy Pro access to client accounts are frequent
  • General sloppiness

These notes are based on my first-hand experiences with GoDaddy managed WordPress hosting and GoDaddy tech support. Your mileage may vary, but I have my doubts.

GoDaddy: The “Bargain” Basement of Website Hosting

An artist's depiction of a GoDaddy web server trying to serve its pages to visitors.
An ‘artist’s depiction’ of a GoDaddy web server trying to serve its pages to patient visitors.

Historically, GoDaddy has been known for its domain registration and cheap shared web hosting services. While it is reasonably competent at the former, the company’s cheap hosting packages are notorious in the industry for underperformance due to server over subscription— that is, placing too many accounts on a single server and not managing the use of server resources by customers. This situation causes slow, unpredictable website load times that cause financial loses for customers when frustrated visitors prematurely leave their website.

In my experience hacked websites are also more common among GoDaddy’s shared hosting customers than many competitors. Even simple HTML-only websites without programming vulnerabilities, experience intrusions and defacements. This appears to be caused by a combination of poor server maintenance and again lack of management of customer use of those servers.

Overall, GoDaddy’s bargain basement shared hosting was never much of a bargain.

GoDaddy Managed WordPress Hosting

Over the years GoDaddy has made attempts to improve its hosting services, mostly recently by jumping on the bandwagon of “managed WordPress hosting” and offering accounts which are in their words: “optimized for speed, effortless updates and total reliability…designed specifically for WordPress.”

So what is my experience of their product you ask? Let me outline a few issues:

The 2021 Data Breach

According to GoDaddy’s own report filed with the SEC, unknown attackers gained access to the system used to provision the company’s Managed WordPress sites for a period over two months. The filing states the following customer information was exposed:

  • Up to 1.2 million active and inactive Managed WordPress customers had their email address and customer number exposed.
  • The original WordPress Admin password that was set at the time of provisioning was exposed.
  • For active customers, sFTP and database usernames and passwords were exposed.
  • For a subset of active customers, the SSL private key was exposed.

Access to email and customer numbers presents customers with an increased risk for phishing attacks. Access to an unchanged administative password or database access would potentially allow anything from widespread alternation of a site’s content or function to complete exfiltration of any data stored by the site, such as contact form submissions, personal identifying information (PII), etc. Access to an SSL certificate key would leave an ecommerce site vulnerable to interception or alteration of order or credit card information in transit. After the initial disclosure GoDaddy revealed that the breach extended to a number of GoDaddy brands: tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet, and Host Europe.

Not a good thing. Really. Not a good thing.

Limited Backups

GoDaddy provides daily backups for the most recent 30-days. This is a good start, but not fully adequate. If your website was compromised 60-days ago and you only found out today when Google sent you a malware notification and blocked your site as unsafe for visitors, then you don’t have a viable backup from GoDaddy.

Admittedly, rolling 30-day backups are a common offering among managed WordPress hosts, unfortunately, some of the common third-party backup solutions, like the BackupBuddy plugin, do not work well on GoDaddy servers given aspects of their configuration.

It is up to the customer to pay for, implement and test a solution to further reduce their risk to acceptable levels.

No Adhoc Backups

Typically, immediately before performing low-impact updates such as WordPress theme or plugin upgrades, a backup will be made just in case things don’t work out as intended. GoDaddy does not provide this feature. Other providers commonly do.

Slow Staging Site Creation

GoDaddy MemeA staging site is basically a clone of your live website placed at a location hidden from public view. A developer uses a staging site to deploy and test broad, impactful changes to the site. It is a very useful tool that replaces a typically time-intensive, semi-complex manual process.

However, the GoDaddy’s “one click” staging sites are painfully slow to generate. Creating a cloned staging site often takes the GoDaddy server 15-30 minutes or more. I can send a radio communication to Mars and get a response faster than GoDaddy can create a large staging site.   Likewise, once development work is completed pushing the updated staging site back to the live site to publish your changes takes equally as long. The latter also introduces a substantial window of time in which the site is publicly available, but likely incomplete or inoperable while new or modified files are being transferred to the live server.

Staging Site Problems

Worse though, is the way GoDaddy’s staging server works operates. Files deleted from the staging server, are not also deleted from the live server when the later is pushed to the live server. For example, if I have 16 files on the live site, the staging server should initially contain the same 16 files. If I then delete four files from the staging server and add four others, I still have a total of 16 files on the staging server (16 original and four new). When I push the staging server back to live, instead of 16 files the live server will contain 20 files (the 16 originals plus four new). Ideally, a staging server should be an exact duplicate of the original live site and the modified staging site should be returned to the live server as an exact copy. This a huge pain point that can introduce many issues for developers. As it stands, the process is a hot mess.
GoDaddy's staging server process is garbage

FTP Issues

Apparently, you can’t replace an image file with an updated image file of the same name. For example, replacing a unoptimized 2MB file with an optimized 200K version. Transferring the file via sFTP will complete, however, the updated version is never served even when directly calling it by its URL. Dumping cache does not help. Oh joy!

Mandatory GoDaddy Plugins

The GoDaddy Managed WordPress hosting platform uses WordPress Multisite to serve multiple customer websites from a single WordPress installation. This allows GoDaddy to enforce enable the use of a group of hidden plugins including Limit Login Attempts, Stock Photos, Manage WP Worker and WP Easy Mode as well features such as caching, CDN, IP blacklists, Sucuri scanning, single sign on, updates, hotfixes, etc. A typical WordPress admin would not be aware of when these items have been updated, or when they might be causing issues, conflicts, etc. with the rest of your installation. Furthermore, disabling, or swapping out one of their required features (e.g. caching) with a preferred third-party option, is likely impossible due to conflicts.

“Free” Domain

The included free domain registration will only be free for the duration of the hosting term you’ve initially selected when purchasing your account. Select an initial 12-month duration, you get the domain free for only 12 months.

“Free” SSL

The First One Is Free
The First One Is Free

At this point everyone with a website should be using a SSL certificate and HTTPS to encrypt website traffic in transit. GoDaddy will provide an SSL certificate free for one year with its more costly WordPress hosting plans. After that year you can renew it at the inflated rate of $79.99/year.

Since Let’s Encrypt has been offering free SSL certificates to the public, many hosts have started offering free or very low cost basic SSL certificates with hosting packages. In fact, I don’t even charge for these SSL certificates myself when hosting client websites on my servers. This is just a balloon payment scheme on GoDaddy’s part—so remember, “the first one is free.”

Update: As of 9/19/21 GoDaddy is advertising free, no charge SSL services with select hosting accounts. If true, it would mean they are no longer attempting to upcharge for a genuinely free service provided by their competition.

Caching Issues

Caching is a group of techniques that allow future requests for the same data to be served faster. An analogy might be found in your kitchen—when you go to make dinner it’s much faster and easier if the ingredients are already in the refrigerator instead of the grocery store or lying in a field awaiting harvest. Server caching is a wonderful way to speed up the load time of your website while minimizing overall server load.

Unfortunately, caching can introduce practical issues when updating a site as you generally need to be able to see changes you made and not a cached version of the previous state of the site. Typically, caching systems address these issues—either logged in administrators will be shown an uncached version of the site, or a site’s cache can be purged immediately as needed. GoDaddy states it offers the latter, but it tends to work intermittently and with delay. This can become infuriating in short order and make it impossible to get work done efficiently.

The only solution so far has been to completely turn off caching, which completely defeats the purpose.

Plugin Incompatibility

Plugin IncompatibilityAs mentioned previously, some plugins, such as BackupBuddy, are incompatible with GoDaddy managed WordPress hosting. Other plugins are blacklisted when they duplicate features already in the GoDaddy offering. This is a common industry practice up to a point, however GoDaddy went further and actively started to remove these plugins in 2016 with little or no prior discussion with account holders.

Long Waits in Chat

While the average wait to get on a customer service chat tends to be 5-10 minutes, the time required to address support tickets of even average complexity can be thirty minutes to an hour.

As an added mini-game, you will need to type something into the chat box every few minutes in order for it to not timeout and disconnect during that period.

Issues with DNS updates and Zone Record Management

When using GoDaddy’s managed WordPress hosting and GoDaddy’s DNS servers updates to DNS zone records can become very difficult.

A good portion of the time navigating around the DNS management area of the site yields a combination of “503 Service Unavailable” and “504 Gateway Timeout” errors. When those occur, you’re basically out of luck. Try again later maybe when the DevOps teams wakes up for their nap.

On other occasions DNS zone record updates needed for a launch wouldn’t save.

Likewise, if you have the Sucuri firewall installed, deleting zone records is actually impossible without intervention from customer service. You will need to contact support have them disable the Sucuri software firewall provided.

During a migration away from GoDaddy, updating a DNS A record to point to a new hosting account required a one-hour chat followed by a 24 hour wait just to find out it wasn’t updated by GoDaddy.

Best to change authoritative DNS servers for your domain completely before you start a migration away from GoDaddy. Cut GoDaddy out of the process like you would cut out a cancer.

A client that was using GoDaddy DNS services, but had migrated hosting to a better hosting provider, had their site taken offline when GoDaddy reset the custom DNS A Zone record to “Parked” on the date the prior GoDaddy hosting package was set to expire. Apparently, they will just ignore custom DNS records when it suits them.

General Sloppiness

The last time I was forced asked by a client to set up a GoDaddy managed WordPress hosting account, GoDaddy decided to place it on an EU server for no reason. The US-based client didn’t want to correct the error at the time, so now their site is potentially subject to EU privacy regulations under the General Data Protection Regulation (GDPR).

Recently, a client had an issue. Their site was mysteriously offline. The issue was traced to GoDaddy wanting to “confirm the email address” associated with their decade old customer account. However, the account link to resend the confirmation email was not working and customer support needed to be called, of course.

GoDaddy Pro is Completely Borked

GoDaddy Pro, the interface that allows designers and developers to help manage client domains and sites hosted with GoDaddy, is frequently buggy. On at least 80+ occasions over the last few years, I have been temporarily or permanently unable to reach a client’s GoDaddy account that has granted me shared access, or found myself unable to access appropriate resources such as hosting, account management or DNS functions.

GoDaddy Pro Login Failures Abound
How many times do I have to see this error?

At some point during 2019-2020 GoDaddy updated their GoDaddy Pro shared client account access system with more granular client controls so that customers could be more particular about the permissions granted to associated developers. Sounds great, except that they defaulted all the settings to off. All of the account relationships between myself and my customer’s accounts which were painstakenly set up over years were effectively unlinked. Everyday activities like updating DNS servers or zone records were no longer possible. There was no notification of this change sent to either party. Estimated time need to communicate with every customer, walk them through the process and correct: at least 40-60 hours plus a similar time on the client’s side.

Domain Expiration / Renewal / Redemption Fee / Auction Process

Domains are registered typically for periods of one or more years. At the end of the registration period, you typically renew the domain if you wish to keep it.

Unfortunately, every year a very large number of domain holders accidentally let their domain registration lapse or miss the renewal deadline or one reason or another. In the early days of the Internet, this would result in an associated website going offline, DNS not resolving and eventually the domain being returned ICANN and made available for purchase by another party. This entire process would normally take about 90-120 days.

With GoDaddy the process is wildly different.

Nineteen days after expiration of the domain registration, GoDaddy will allow you to renew the domain at the inflated cost of approximately $100 or approximately five times the annual registration fee.

Twenty-six days after the expiration of the domain GoDaddy places the domain on auction for a period of about 7-10 days. If someone purchases the domain during that period, you lose the domain. If you happen to find out the auction is happening and someone has already bid on the domain, you get to try to bid against them for the domain. They can just run up the price at that point.

In my opinion these 19 or 26 day periods are too short. Furthermore, the redemption fees and auction system are largely designed to convert all expired domains registered through GoDaddy to potential revenue for GoDaddy prior to their release to the public domain. It’s their last opportunity to rake some cash out of the process.

GoDaddy follows this process for domain expirations.

Here is their summary of the process:

Days after domain expiration What happens and what you can do
+1 day We’ll try to auto-renew it, or you can manually renew for the standard renewal price.
+5 day We’ll try to auto-renew again – but if that doesn’t work, your domain gets parked: your site and email stop working. But you can still manually renew for the standard renewal price.
+12 day We’ll try to auto-renew your domain one more time. You can still manually renew for the standard renewal price.
+19 days Domain goes on hold: it’s still in your account but inactive. You can manually renew with applicable redemption fee of approximately $100.
+26 days Domain goes to auction. If there are no active bids on the domain, you can still manually renew for the standard price plus the applicable redemption fee.
+30 days If no active bids in the auction, the domain stays in your account but now it’s expired. You can manually renew for the standard price plus the applicable redemption fee. If there’s an active bid at auction, the domain can’t be renewed.
+36 days Domain goes to a final closeout auction. Until there’s an active bid, you can still manually renew for the standard price plus the applicable redemption fee. Once there’s a bid, you can’t renew the domain, but you can place your own bid.
+41 days Final closeout auction ends. You can still manually renew for the standard price plus the applicable redemption fee.
+72 days Domain is removed from your account and you can’t renew it any more. You may be able to register the domain after the registry has released it, but GoDaddy can’t advise when the registry will release a domain for registration.

For comparision, here is Google’s statement of their domain renewal grace period policy. In my opinion it is far less complicated and far more fair to customers.

Domain Forwarding Issues

Some clients have had their domain forwarding fail intermittently with 502 (Bad Gateway) errors without explanation. Simple forwarding requests from, for example, mydomain.net to mydomain.com have been witnessed to fail for periods of 5-60 minutes several times daily for weeks resulting in uptimes below 95%.

Zone Records Randomly Update to Point to GoDaddy Servers

Other clients have found their DNS zone records randomly pointed to GoDaddy servers without explanation.

The Upside

GoDaddy purchased Sucuri.net several years ago and offers their malware scanning and remediation service as part of GoDaddy’s managed WordPress hosting package. This is good since I’ve had more requests to remediate hacked sites on GoDaddy than all other hosts combined. Other hosts offer similar services for malware scanning from other providers. It is also possible to purchase Sucuri services for use on non-GoDaddy hosted websites.

GoDaddy also purchased ManageWP a service that allows you to monitor and maintain your WordPress websites from one dashboard. ManageWP is included in the most expensive managed WordPress hosting package since that account type allows for the hosting of 5-50 websites in theory. ManageWP is also available for purchase if you need to manage non-GoDaddy hosted WordPress websites

Page load times on hosted sites are typically reasonable and on par with their competition (even though GoDaddy will say they are much faster than their competition).

Summary

Use at your own risk.

Let me know if you have had similar experiences.

If you’d like to discuss your WordPress website, or how you can enjoy best in class web hosting for your site, let me know.

Vance Bell

Vance Bell

Hi there, glad you made it! I’m Vance Bell, a freelance web designer/developer and frequent marketing consultant.

Monday to Saturday I help businesses and organizations grow attention and revenue. Sometimes on Sunday I take a break and binge watch Netflix.

Owner of Pixel Engine, a Philadelphia-based web design and online marketing studio.

If you’d like to hire me, I’d love to hear from you. If you just have a question, feel free to ask.

Related Posts

10 thoughts on “Why I Won’t Use GoDaddy WordPress Hosting”

  1. Terrible service, and I would echo each of the pain points you’ve listed above. I would add a couple of my own:

    1. I have never had a deploy from Staging to Production go smoothly on GoDaddy. The first time I ever tried it was catastrophic, and my site was offline for 3 days while I waited for support to figure out what went wrong. So much for doing extensive theme and plugin updates on Staging before making them live (and if we can’t do that on Staging, what is it even for?).

    2. The automated backups don’t restore a site to exactly the state it was at the time the backup was made. I’m not sure how this works under the hood, but it is not a true snapshot. Maybe it’s similar tech to what they use for the Staging environments?
    In the situation I described above, you might expect that restoring a backup would bring the site back online. It didn’t. That was 3 years ago, but I’ve witnessed this happen again recently with a botched WordPress theme update. A developer wanted to revert back to before they updated the theme, but the restore process did not fully revert the site. Couple this with the fact that they’ve blacklisted certain backup plugins and you’ve got a recipe for disaster.

    “Use at your own risk” is a fair assessment, but I would go further and say avoid at all costs if you value your online presence.

    1. That varies widely depending on the requirements of the site you are hosting. If you are talking about WordPress websites some shared/cloud hosting vendors I like include SiteGround, WP Engine and Flywheel (itself recently acquired by WP Engine). If you want to host client websites as an agency or freelancer, you might consider having your own managed VPS or a small managed dedicated server just for your clients. This allows you greater control over the hosting environment and likely a much better experience for your clients and their customers.

  2. Yeah man. GoDaddy is going in the Toilet. I’ve been with them for years and they seem..well scammy and shady in how they do business.
    The SSL and DNS situation sums it up. Trying to resolve 520 errors now. Doesn’t seem to get along with cloudflare.

  3. I’ll add to the list: GoDaddy Managed WordPress hosting ‘backups’ do not include the staging environment. At all. So, if you have put a lot of work into a new development on your staging site, and you want to try something that is potentially damaging (testing new plugins, for instance) you are gambling with all your work.
    It is for this reason that I copied a client’s site over to my personal WPEngine account to develop/test plugins. Once I find the right configuration I will have to re-do the work on GoDaddy and just hope nothing goes wrong.
    When advising clients on hosting it can be hard to justify the extra price for better web hosts, when a service like GoDaddy ‘seems’ to have the same features. This article is helpful in laying out all the hidden disadvantages to their platform.

  4. Howard in Florida

    Thank you for saving me tons of time I have to spend talking to my clients that hosted on GD. I say “hosted” because if they choose to stay on GoDaddy then I’m afraid I have to bow out of being their developer. There’s too many other hosting services to go to that just work.

  5. Ditto. Ditto, ditto, and ditto, and…
    Like Howard, I will bow out of a gig if the potential client insistes on going with or staying at GD. In fact, I am currently facelifting and tweaking functionality of a site at GD that the client agreed to let me move to Flywheel. I’ve been with “Fly” for 6 years. Incredibly stable and incredibly helpful Support. This current site took me 9 days to move from GD to Flywheel. One issue after another, beginning with, “Uh, how do I make a backup of this Now, so I can transfer it Now”? SFTP, using Transmit or Cyberduck, will not authenticate with GD’s supplied cred’s – neither the Live or Staging sites. Total nightmare.

    Thanks for the post, Vance. I just may need to refer a client to it in the future to convince them, GD is bad.

  6. Well, my employer has decided to set up a quick demo site for an upcoming product on GoDaddy.
    We have added a couple subdomains to DNS zone for REST API and frontend. Aaand… after almost TWO DAYS the DNS zone still HAS NOT been updated with the new subdomains. We are forced to use “hosts” file for name resolution and we cannot setup SSL support properly.
    I have not seen a DNS host which would be that slow to update their DNS zones.
    It would likely take us less time to just transfer the entire domain to another DNS host than to create a subdomain with GoDaddy.
    Absolutely terrible service.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top